Overview

overview

10

Static

static

10

Find Walle...ck.exe

windows10-1703-x64

10

Find Walle...ck.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Find Wallet v3.2-Crack.exe

  • Size

    3.6MB

  • Sample

    241025-gx5s2avhnd

  • MD5

    a5aad19f2467992040dce284a1d34016

  • SHA1

    9bf000680f2870272ba9f0403ca4dc526fb7c16c

  • SHA256

    6131f59ade95f5aaf4f78c1cbd31f033ae508bae3418d30ad9b7e35e3f96beb6

  • SHA512

    826ba74121fc2da46e5c2c84bd758b367febbb90ff408abc723c4e7add75a8b3991fa21f19eae884b1979d9fe845d6fa5ef68a33c4a815c0d90bc58b83ef3d47

  • SSDEEP

    24576:E8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tsbV:E8j/MW+ise8IW4rF5ovXy6t7BQj1PU

Score
10/10
neshtastormkittycollectiondiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      Find Wallet v3.2-Crack.exe

    • Size

      3.6MB

    • MD5

      a5aad19f2467992040dce284a1d34016

    • SHA1

      9bf000680f2870272ba9f0403ca4dc526fb7c16c

    • SHA256

      6131f59ade95f5aaf4f78c1cbd31f033ae508bae3418d30ad9b7e35e3f96beb6

    • SHA512

      826ba74121fc2da46e5c2c84bd758b367febbb90ff408abc723c4e7add75a8b3991fa21f19eae884b1979d9fe845d6fa5ef68a33c4a815c0d90bc58b83ef3d47

    • SSDEEP

      24576:E8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tsbV:E8j/MW+ise8IW4rF5ovXy6t7BQj1PU

    Score
    10/10
    neshtastormkittycollectiondiscoverypersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks